Scherzer Blog

The Swiss-U.S. Privacy Shield Framework is approved

The Swiss-U.S. Privacy Shield Framework (the “Framework”) made its debut on January 12, 2017 without much fanfare when Swiss federal councillor Johann Schneider-Ammann announced the Framework’s approval as a valid legal mechanism to comply with Swiss requirements for transferring personal data from Switzerland to the United States. The Framework, designed by the U.S. Department of Commerce (the “DOC”) and the Swiss government to align with the EU-U.S. Privacy Shield, will immediately replace the U.S.-Swiss Safe Harbor. The DOC will begin accepting self-certifications starting April 12, 2017 to give organizations ample time to review the new Framework’s principles and compliance requirements. For more of Scherzer International’s coverage of the EU-U.S. Privacy Shield, click here.

|Business Transactions, European Union, International, Legislation, Privacy, Risk Management|

City of Los Angeles’ “Fair Chance Initiative for Hiring” goes into effect January 22, 2017

The City of Los Angeles passed the “Fair Chance Initiative for Hiring (LAFCIH),” a new “ban-the-box” legislation that goes into effect January 22, 2017, with monetary fines for non-compliance starting July 1, 2017. The LAFCIH applies to most private sector employers that (1) are located in or doing business in the City of Los Angeles; and (2) employ 10 or more people. The law covers both applicants and incumbent employees in virtually any type of employment situation.

The ordinance prohibits covered private employers from inquiring about an applicant’s criminal history until a conditional offer of employment has been extended, and imposes significant compliance obligations, including a requirement that before making an adverse decision based on a criminal record, the employer “performs a written assessment that effectively links the specific aspects of the applicant’s criminal history with risks inherent in the duties of the employment position sought by the applicant.” At a minimum, the employer must consider factors identified by the Equal Employment Opportunity Commission in its 2012 Enforcement Guidance and any other factors that may be required by rules or guidelines promulgated by the city’s Department of Public Works, Bureau of Contract Administration [Department] which will be administering the LAFCIH.

The employer must then engage in a “fair chance process,” allowing the candidate to provide information or documentation regarding the accuracy of the criminal record or other information that the employer should consider, such as evidence of rehabilitation or other mitigating factors. The proposed position must be held open for at least five business days after the candidate has received the employer’s notification and assessment. If the candidate provides additional information or documentation, the employer is required to consider the new information and perform a written re-assessment.

Additionally, the LAFCIH provides that all covered employers include the following language in any advertisement or solicitation seeking applicants:

“The employer will consider for employment qualified applicants with criminal histories in a manner consistent with [the Los Angeles Fair Chance Initiative for Hiring].”

There is also a notice posting requirement, which must be in a conspicuous place at every workplace, job site, or other location in the City of Los Angeles under the employer’s control that is visited by applicants. Copies of the notice must be sent to each labor union or representative of workers that has a collective bargaining agreement or other agreement applicable to employees in Los Angeles.

Employers are required to maintain all records and documents related to an individual’s application for employment, including any written assessments and re-assessments for a period of three years after the receipt of the job application.

As with other “ban-the-box” legislation, the LAFCIH makes it unlawful for an employer to retaliate or otherwise take adverse action against an individual who has complained about the employer’s non-compliance or anticipated non-compliance; opposed any practice made unlawful by the ordinance; participated in any proceedings related to enforcement of the law, or otherwise sought to enforce or assert his/her rights under the LAFCIH.

The LAFCIH does not apply in the following circumstances: (1) when the employer is required by law to obtain information regarding an applicant’s criminal convictions; (2) when the applicant will be required to possess or use a firearm in the course of his/her employment; (3) when the applicant is prohibited by law from holding the position sought due to a conviction, regardless of whether the conviction has been expunged, sealed, eradicated, or dismissed; or (4) when the employer is prohibited by law from hiring an applicant who has been convicted of a crime.

With this new ordinance, Los Angeles joins the fast-growing list of localities (Austin, Baltimore, Buffalo, Chicago, Columbia (MO), District of Columbia, Montgomery County (MD), New York City, Philadelphia, Portland, Prince George’s County (MD), Rochester, San Francisco, and Seattle) and nine states (Connecticut, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, Oregon, Rhode Island, and Vermont) that have enacted similar laws for private employers.

Companies covered by the LAFCIH should immediately review and revise, if applicable, their applications, offer letters, background check forms, and notices, and ensure that their employment screening policies incorporate the ordinance’s pre-adverse and adverse action procedures and documentation, and record keeping requirements.

Since “ban-the-box” legislation is gaining momentum at a rapid pace, all nationwide employers may want to conduct an assessment of their employment screening practices to ensure their compliance with applicable laws and regulations.

|Employment Decisions, Legislation, Risk Management|

New Employment Background Screening Legislation for 2017

“Ban-the-box”

“Ban-the-box” measures, which generally prohibit employers from inquiring about a candidate’s criminal history (including performing background checks) until later in the hiring process, and impose significant compliance requirements, will soon be the norm rather than an exception. The city of Los Angeles, with its new Fair Chance Initiative for Hiring ordinance, is just the latest to join the fast growing list of localities (Austin, Baltimore, Buffalo, Chicago, Columbia – MO, District of Columbia, Montgomery County – MD, New York City, Philadelphia, Portland, Prince George’s County – MD, Rochester, San Francisco, and Seattle) and nine states (Connecticut, Hawaii, Illinois, Massachusetts, Minnesota, New Jersey, Oregon, Rhode Island, and Vermont (effective July 1, 2017)) that have enacted similar laws for private employers.

Juvenile criminal record checks

Effective January 1, 2017, AB 1843 amends Section 432.7 of the Labor Code to prohibit California employers from inquiring about and considering information regarding “an arrest, detention, process, diversion, supervision, adjudication, or court disposition” that occurred while the candidate was subject to the process and jurisdiction of a juvenile court. Certain employment situations are exempted from these requirements, such as a prohibition by law from hiring an applicant who has been convicted of a crime.

Criminal background checks for transportation network companies

Effective January 1, 2017, under California’s AB 1289, a transportation network company (“TNC”) such as Uber, is required to perform criminal background checks on all drivers. The bill also prohibits a TNC from contracting with a driver who is registered on the DOJ’s national sex offender website or has been convicted of specified felonies, or misdemeanor assault or battery, domestic violence, or driving under the influence of drugs or alcohol within the past seven years.

Credit check restrictions

The District of Columbia is the latest jurisdiction to pass a law that prohibits private employers, with certain exceptions, from conducting credit checks on job applicants. The Fair Credit in Employment Amendment Act, which amends the Human Rights Act of 1977 to include credit information as a protected trait will take effect following approval by Mayor Bowser and other enactment actions. Similar to the laws already in effect in ten states for private employers (California – AB 22; Colorado – The Employment Opportunity Act; Connecticut – SB 361; Hawaii – HB 31 SD1; Illinois – HB 4658; Maryland – HB 87; Nevada – SB 127; Oregon – SB 1045; Vermont – Act No. 154 (S. 95); Washington – RCW 19.182 and RCW 19.182.020) and at least two cities (New York City – Stop Credit Discrimination in Employment Act and Philadelphia – Bill No. 160072), it restricts checking an applicant’s credit history except in circumstances where a credit screen is justified by the position’s responsibilities or is required by law.

Wage history inquiries

Pay equity initiatives include California’s AB 1676, which effective January 1, 2017, prohibits employers from using a candidate’s prior salary as the sole basis to justify a pay disparity. California, however, has decided not to follow the Massachusetts provisions (described below) of banning inquiries regarding a candidate’s wage history.

Massachusetts was the first jurisdiction to pass a law that prevents employers from asking job candidates about their salary history. The commonwealth’s Pay Equity Act goes into effect July 1, 2018, and in addition to equal pay requirements, it makes it illegal, among other things, to: (1) require that an employee refrain from inquiring about, discussing or disclosing information about his or her wages, or any other employee’s wages; (2) screen job applicants based on their wages; (3) request or require a candidate to disclose prior wages or salary history; or (4) seek the salary history from a current or former employer, unless he/she provides express written consent, and an offer of employment, including proposed compensation, has been extended.

Effective May 23, 2017, the city of Philadelphia with its Fair Practices Ordinance: Protections Against Unlawful Discrimination will make it unlawful for employers to inquire about a candidate’s wage history during the hiring process, unless a federal, state, or local law specifically authorizes the disclosure or verification of wage information.

Drug testing – marijuana

According to the National Conference of State Legislatures (NCLS), 31 states/jurisdictions (Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Guam, Hawaii, Illinois, Maine, Maryland, Massachusetts, Michigan, Minnesota, Montana, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Dakota, Ohio, Oregon, Pennsylvania, Rhode Island, Vermont, and Washington) have public medical marijuana and cannabis programs, while several states (Alaska – Ballot Measure No. 2; California – Proposition 64; Colorado – Amendment 64; District of Columbia – Initiative 71; Maine – Question 1; Massachusetts – Question 4; Nevada – Question 2; Oregon – Measure 91; and Washington Initiative 502) have passed laws allowing for the recreational use of marijuana by adults. Since the legal landscape for marijuana use is changing rapidly, employers should review and update their substance abuse policies, including drug-testing. Notably, marijuana remains a Schedule I drug under the federal Controlled Substances Act.

Work authorization verification

California’s SB 1001 is a revival of the 2015 AB 1065, which effective January 1, 2017, makes it unlawful for employers to:

Request additional or different documents than those required under federal law to verify that an individual is not an unauthorized immigrant
Refuse to accept documents provided by the applicant that reasonably appear to be genuine
Refuse to honor documents or work authorization based on specific status or term that accompanies the authorization to work
Attempt to reinvestigate or re-verify a candidate’s authorization to work using an unfair immigration-related practice.

Effective January 1, 2017, Tennessee’s SB 1965 requires that companies with 50 or more employees use the federal E-Verify program to confirm new employees’ work authorization.

As a reminder, starting January 22, 2017, all employers must use the new Form I-9, which is dated November 14, 2016 (the edition date is on the bottom of the form). Employers that fail to use the new form may be subject to civil penalties.

|Employment Decisions, FCRA, Legislation, Risk Management|

Scherzer International’s participation in Arthritis Foundation’s annual Jingle Bell Run in Los Angeles

UPDATE: Scherzer International is proud to have raised over $5,000 during the Arthritis Foundation’s Jingle Bell Run fundraiser this year! We’d like to express a special thank you to everyone for their donations and helping to spread the word. The event on December 11^th was a great success and a good time for all who participated.

Scherzer International is excited to once again participate in the Arthritis Foundation’s annual Jingle Bell Run in Los Angeles! As many of us know too well, arthritis steals everyday joys and long-term dreams. It is painful and often devastating to nearly 53 million U.S. sufferers, their families, their employers, and the economy. It does not discriminate by age, gender, race, nationality, or socio-economic status.

The Arthritis Foundation exists to conquer arthritis (an umbrella term covering over 120 different forms including osteoarthritis, rheumatoid arthritis, lupus, fibromyalgia, ankylosing spondylitis, juvenile arthritis, and several others) by funding research for better treatment options and a cure; advocating for patient access to optimal care; serving as the go-to resource for patient information and education; and empowering 300,000 families and their children who suffer with juvenile arthritis.

That’s why we have committed to help in combatting arthritis head-on. We invite you to join us and over 1,500 people in supporting the 2016 Los Angeles Jingle Bell Run/Walk on Sunday, December 11, 2016.

This festive, holiday-themed (complete with jingle-bells shoe laces and other cool adornments), family-friendly race offers a timed 5K run/walk experience that takes participants through the streets of beautiful downtown Glendale. We ask that you please help in one or more ways:

sponsor the event – various levels are available with great marketing benefits for your company;
form a Jingle Bells Run/Walk team with your business, family or friends
Visit our team page at

http://www.jbr.org/faf/search/searchTeamPart.asp?ievent=1160290&team=6753872

For more information, please call the Arthritis Foundation office at (323) 954-5750, or e-mail cwilhite@arthritis.org. Carlie Wilhite, development manager, will be happy to help you.

Your generous support is greatly appreciated. We look forward to seeing you with bells on!

|Press Release|

European Commission Adopts EU-US Privacy Shield as Replacement for EU-US Safe Harbor Framework

What this is about	On July 12, 2016, the European Commission formally adopted the EU-US Privacy Shield (the “Privacy Shield”) which will provide organizations a mechanism to comply with EU data protection requirements when transferring personal data from the EU to the US. This new privacy framework reflects the requirements set out by the European Court of Justice in its October 2015 landmark decision in Maximillian Schrems vs. Data Protection Commissioner, which declared the EU-US Safe Harbor privacy regime invalid.
Privacy Shield overview:	The framework provides a set of robust and enforceable protections for the personal data of EU individuals, as well as transparency regarding the use of such data by participating companies, strong US government oversight, and increased cooperation with EU data protection authorities. For more information, see US Department of Commerce (“DOC”) factsheet and FAQs.
Joining the program:	The DOC will start accepting self-certifications beginning August 1, 2016. Organizations must identify and register with an independent dispute resolution provider prior to submitting their self-certification.
About self-certification:	The decision to participate in the program is voluntary; however, once an organization publicly commits to comply with the framework’s principles through self-certification, that commitment is enforceable under US law by the relevant authority–either the US Federal Trade Commission or the Department of Transportation. To receive the Privacy Shield’s benefits, an organization must self-certify annually to the DOC that it agrees to adhere to the framework’s requirements, based on the privacy principles that include notice, choice, access, and transfer accountability. See the DOC’s guide for more information about participation and compliance requirements.

Disclaimer: This communication is for general informational purposes only, and does not constitute legal advice. No recipient should act, or refrain from acting, on the basis of any information provided here without advice from a qualified attorney licensed in the applicable jurisdiction.

For further information, please contact us at 1-866-723-2287.

|Business Transactions, European Union, Security|

The EU-US Privacy Shield Framework text is now available

U.S. Secretary of Commerce Penny Pritzker released a statement regarding the historic agreement, noting that the “EU-US Privacy Shield is a tremendous victory for privacy, individuals, and businesses on both sides of the Atlantic.”

The EU-US Privacy Shield Framework (the “Framework”) was designed by the U.S. Department of Commerce (the “DOC”) and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

The Framework provides robust and enforceable protections for the personal data of EU individuals, mandating transparency for participating companies, strong U.S. government oversight, and increased cooperation with EU data protection authorities. Offering EU individuals access to multiple avenues to address concerns regarding participants’ compliance and a free dispute resolution, the Framework makes it easier for EU individuals to understand and exercise their rights.

The European Commission proposed that the Framework be deemed adequate to enable data transfers under EU law, which is now in the approval process. Once an adequacy determination is made, the DOC will begin accepting certifications under the Framework. Similar to the certification process of the now invalid Safe Harbor, if a U.S. based-company wishes to join the Framework, it will be required to self-certify to the DOC and publicly commit to comply with the Framework’s requirements. While joining the Framework will be voluntary, once an eligible company certifies compliance, the commitment will become enforceable under U.S. law.

Read the fact-sheet about the EU-US Privacy Shield Framework here.

Read the full text of the EU-US Privacy Shield Framework here.

|European Union|

Three companies to be fined for relying on invalidated Safe Harbor to transfer data from the EU

Fortune reported that Hamburg, Germany’s data protection commissioner, Johannes Caspar, is taking five unspecified global companies to task for continuing to transfer EU data to the US after the Safe Harbor ruling made it illegal, The Hamburg data protection authority is preparing to fine three companies for relying on the Safe Harbor privacy framework as the legal basis for their trans-Atlantic data transfers, the report states. “Two other firms are also under investigation” according to the report. Caspar refused to disclose the names of the companies for legal reasons, but said they are “large international companies” and “subsidiaries of US-based global corporates.”

|European Union, International|

Judicial Redress Act of 2015 signed into law

On February 24, 2016, President Obama signed the Judicial Redress Act of 2015 (“the Act”) into law, a major step toward formalizing the recently announced privacy framework, the EU-U.S. Privacy Shield, which will replace the Safe Harbor program that was declared invalid by the European Court of Justice in October 2015. The Act’s intent, as explained by House Judiciary Committee Chairman Bob Goodlatte (R-VA), is to reestablish the United States’ credibility with the European Union following the highly-publicized leaks of classified information in the recent years.

The Act extends to the citizens of EU countries that permit commercial transfers of personal data

[to the United States] similar rights to those enjoyed by US citizens under the Privacy Act of 1974, which established a code of fair information practices that govern the federal government’s collection, maintenance, use, and dissemination of information about individuals. The citizens of these EU countries will now be allowed to sue the United States for unlawful disclosure of their personal information obtained in connection with international law enforcement efforts. Under current law, only US citizens and legal residents can bring such claims against the federal government.

Read the text of the Act here.

|European Union, Legislation|

The EU-US Privacy Shield for transatlantic data transfers makes its debut

Announced on February 2, 2016 by the European Commission, the new political agreement called the Privacy Shield, reflects the requirements set out by the European Court of Justice in its ruling on October 6, 2015, which declared the old Safe Harbor privacy framework invalid.

The new arrangement calls for strong data privacy and security measures and robust enforcement of U.S. companies handling Europeans’ personal data, clear safeguards and transparency for U.S. government access, and effective protection of EU citizens’ rights with several redress possibilities.

The College of Commissioners is now preparing an adequacy decision regarding the Privacy Shield–the Article 29 Working Party (the “Working Party”), a data protection authority, is requesting that all documents be provided by the end of February 2016 so that it can complete its assessment of the new framework at a special plenary meeting shortly thereafter. In a statement issued February 3, 2016, the Working Party provided some assurances that during this period of transition, transfer mechanisms, such as standard contractual clauses (which are data transfer agreements approved by the Commission) and binding corporate rules (generally described as internal data processing rules binding on all members of a global corporate group) to permit intragroup transfers of personal data) can still be used as transfer tools to the U.S.

Organizations that certified compliance under the Safe Harbor regime must continue to meet their obligations in connection with previously transferred personal data to avoid enforcement actions by the Commerce Department or the Federal Trade Commission, which consider the Safe Harbor as still binding. In the interim, implementing the above-mentioned clauses should also be considered to the extent they supplement the Safe Harbor platform. It appears that the Privacy Shield, at least initially, will rely significantly on the Safe Harbor framework, and it is likely that the Department of Commerce will offer a means for Safe Harbor certified organizations to transition to the Privacy Shield.

Read Scherzer International’s first bulletin about the invalidation of the Safe Harbor privacy framework
Read the European Commission’s guidance about data transfers issued in November 2015
Read the European Commission’s press release about the Privacy Shield
Read the Working Party’s statement issued on February 3, 2016 about the Privacy Shield
Read the U.S. Department of Commerce fact-sheet about the Privacy Shield

|Educational Series, European Union, Guidance|

CFPB publishes annual guide about consumer reporting agencies

Every year, the Consumer Financial Protection Bureau (the “CFPB”) updates and publishes a guide to consumer reporting companies, The guide includes information in connection with requesting a consumer report from the three largest nationwide consumer reporting companies and dozens of specialty reporting companies, tips regarding specialty reports, updated information about authentication of identity when requesting a consumer report, information on companies that provide free credit scores, and rights with respect to consumer reports.

The CFPB notes that in prior years, its guide referred to consumer reporting businesses as “agencies” or “bureaus,” and that these terms can be confusing because they may imply these businesses are government entities. They are not—these companies are private-sector, for-profit entities, and in this year’s guide, the CFPB refers to them as “companies” for better clarity.